Time
10 hours 41 minutes
Difficulty
Beginner
CEU/CPE
12

Video Transcription

00:05
So next we'll talk about DNS, LDAP.
00:09
DNS runs on port 53.
00:13
So now DNS runs on 53, but also it runs on TCP and UDP.
00:20
So what DNS, Domain Name Service, does is it turns these complicated IP addresses into names. So every host has an IP address. But when you want to go look at a popular website like Google or Microsoft, you're not putting in the IP address for their servers. You're putting in a name.
00:38
That's called DNS.
00:40
So it translates the names. It translates numbers to names
00:44
and vice versa.
00:46
So
00:47
there's a
00:49
There's, uh, the Internet maintains a series of root servers across the world that maintain a list of all the Internet domain names
00:57
and they're replicated across each other.
01:00
So when you go register a domain name,
01:03
the name that you buy and the IP that's associated with it are gonna be replicated up into the root servers.
01:10
So when you query a name on the Internet,
01:12
you query your local DNS server, which is eventually gonna
01:17
query up to the root server to find out, okay, where do I go? It's in a tree structure.
01:23
So now you can run your own local DNS server, if you're running like an internal network, to help resolve names internally,
01:30
that doesn't have to connect to the Internet at all.
01:33
It's just local
01:36
because, like, Microsoft Active Directory requires DNS
01:40
to operate.
01:44
So we look at a domain name like, uh, www.microsoft.com.
01:49
First, it's gonna go look at the root server that's hosting .com, and that's gonna tell it the next server to look at for Microsoft, and then at Microsoft will be a server that says who www is.
02:00
That's how the query would proceed.
02:07
So now we have.
02:09
If I'm doing a DNS, if I'm doing a lookup for a name, like I go visit www.google.com,
02:15
my request is gonna be sent over to a DNS server
02:19
over port 53, but it's going to be sent as UDP. It's a very small packet.
02:23
If you don't respond immediately, it can retry and I won't even notice in my lookups. That's why it could be UDP: fast, but not guaranteed delivery. We're just doing a query,
02:31
but when we have DNS servers talking to each other and exchanging what's called the zone files, the zone file is the entire list of names to IPs that that DNS server is responsible for maintaining.
02:43
We transfer the information to another DNS server to replicate across the Internet.
02:46
I go over port 53, but I do it as TCP because I want that
02:52
to be reliable. It's like a file transfer.
02:55
So when you're doing transfers, you should be. When you do *** lookup, you're at
03:00
UDP for port 53, but a zone transfer between DNS servers would be on TCP.
03:06
An average user will never see that. But at a sysadmin level,
03:09
when you have DNS servers, especially Microsoft environment, talking to each other, they'll be doing it over TCP.
03:19
DNS is not encrypted
03:22
by default.
03:27
Uh, it's, it's, ah, good. It's very susceptible to attack if not secured properly. What people can do is called
03:35
DNS cache poisoning or, um,
03:38
or redirect. So what happened is especially if it's not a secure site. That certificate
03:45
We can go
03:46
to your machine or to your DNS server. If I hack your DNS server, I can make it so that whenever you go to google.com,
03:53
I'm gonna change that match so that the number that you go to is not the real google.com. It is
03:58
my server, but you won't know. If you type google.com, you don't know what the IP address is for google.com. You just assume. So instead, you get, uh, you get sent to my server
04:08
hosting a page that looks just like google.com,
04:12
and, you know, you go type in your search query. When you hit Submit, at the same time, I'm gonna send something bad back with it,
04:18
something malicious that you can download. So
04:21
that's one of the ways that DNS is exploited
04:25
quite a bit.
04:28
So
04:30
it's called cache poisoning.
04:32
LDAP is Lightweight Directory Access Protocol. It works on port 389.
04:38
It's a client-server directory query, kind of like Active Directory. It means it's, um, it's basically a directory.
04:46
You can use it to store any kind of information. It's most commonly used to store usernames, passwords, telephone numbers. There's commercial and open source,
04:54
and that travels over port 389
04:57
by default. It's plain text, but you can run it over SSL
05:00
encryption
05:01
So we'll talk about SNMP, Simple Network Management Protocol,
05:06
an application layer protocol for managing TCP/IP-based networks.
05:11
It consists of a manager and agent that runs as a service on many devices, from workstations to routers. You see it mainly on routers, switches and printers.
05:17
This Simple Network Management Protocol is commonly used to gather statistics
05:24
from the devices. It can also be used for simple management.
05:29
It uses what are called community strings instead of passwords.
05:32
So based on the string
05:34
that you use to connect to the device determines if you have read access or read-write access to config files.
05:45
MIBs. What's that?
05:47
MIBs?
05:49
Machine information.
05:54
I'm not sure what MIBs mean.
05:58
I remember using it a long time ago.
06:00
sounds familiar, but I haven't
06:04
SMB, port 445. That's what Microsoft uses for file sharing. When you do Windows file sharing,
06:12
it's port 445. Now make sure that port 445 is only
06:15
that's one of those ones that you shouldn't have open on the firewall. There's no reason to do Windows file sharing
06:21
outside of your internal network,
06:24
at least in the home environment. If you're in a more enterprise network, you might have
06:28
445 open internally, but it should never go out to the Internet.
06:34
It's been adopted for other operating systems besides Windows, though, so it's always been known on Linux as the Common Internet File System.
06:43
And so Linux, Linux users have developed their own alternative, called Samba,
06:47
which will emulate Windows, or not actually emulate Windows but emulate a Windows file server, so it will be able to run Windows file shares, host Windows file shares over 445.
07:01
It can also connect to Windows file shares. So if I'm on a Linux PC, I can connect to a Windows file share on a Windows machine using the right username and password, if I have
07:11
Samba installed.
07:14
They do have it. It's not
07:16
totally reliable. They do have a
07:19
um
07:20
they have their own version of Active Directory, so you can almost host
07:26
an Active Directory using Samba on Linux machines and have Windows machines connect to it. But it's not even, it's, all it really does is provide file sharing and centralized username and password. It doesn't have all the intricacies of group policies and
07:44
the other features of Active Directory.
